lecture 13 - security and ethical challenges[1]

Security and Ethical Challenges Business Information Systems

Upload: mika-douglas

Post on 29-Nov-2014

TRANSCRIPT

Page 1: Lecture 13 - Security and Ethical Challenges[1]

Security and Ethical Challenges

Business Information Systems

Lecture Outline

Security, Ethical, and Societal Challenges of IT

Security Management of Information Technology

Security, Ethical, and Societal Challenges of IT

As a business professional, you have a responsibility to promote ethical uses of information technology in the workplace

Business ethics – concerned with the numerous ethical questions that managers must confront as part of their daily business decision making

Basic categories of ethical business issues related to information technology:
– Equity:
  – Intellectual property rights
– Rights:
  – Customer privacy
  – Employee privacy

Basic categories of ethical business issues related to information technology:
– Honesty:
  – Security of company information through hiring
– Safety:
  – Workplace safety

Ethical decisions can be made through:
– Stockholder theory – holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices

Ethical decisions can be made through:
– Social contract theory – states that companies have ethical responsibilities to all members of society, which allows corporations to exist according to a social contract

Ethical decisions can be made through:
– Social contract theory may include:
  – Companies must enhance the economic satisfaction of consumers and employees without polluting the environment or depleting natural resources, misusing political power, or subjecting their (direct and indirect) employees to dehumanizing working conditions

Ethical decisions can be made through:
– Social contract theory conditions:
  – Companies must avoid fraudulent practices, show respect for their employees as human beings, and avoid practices that systematically worsen the position of any group in society

What is a company’s obligation toward its employees?

What is a company’s obligation toward the protection of customer data?

Ethical decisions can be made through:
– Stakeholder theory – maintains that managers have an ethical responsibility to manage a firm for the benefit of all its stakeholders, that is, all individuals and groups that have a stake in, or claim on, a company

Association of Information Technology Professionals (AITP) Standards of Professional Conduct:
– In recognition of my obligation to my employer I shall:
  – Avoid conflicts of interest and ensure that my employer is aware of any potential conflicts
  – Protect the privacy and confidentiality of all information entrusted to me

AITP Standards of Professional Conduct:
– In recognition of my obligation to my employer I shall:
  – Not misrepresent or withhold information that is germane to the situation
  – Not attempt to use the resources of my employer for personal gain or for any purpose without proper approval
  – Not exploit the weakness of a computer system for personal gain or personal satisfaction

AITP Standards of Professional Conduct:
– In recognition of my obligation to society I shall:
  – Use my skill and knowledge to inform the public in all areas of my expertise
  – To the best of my ability, ensure that the products of my work are used in a socially responsible way
  – Support, respect, and abide by the appropriate local, state, provincial, and federal laws

AITP Standards of Professional Conduct:
– In recognition of my obligation to society I shall:
  – Never misrepresent or withhold information that is germane to a problem or a situation of public concern, nor will I allow any such known information to remain unchallenged
  – Not use knowledge of a confidential or personal nature in any unauthorized manner to achieve personal gain

Computer crime:
– Is a growing threat to society caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use and vulnerability of computers and the Internet and other networks

Computer crime includes:
– The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources
– The unauthorized release of information to 3rd parties
– The unauthorized copying of software
– Using or conspiring to use computer or network resources to illegally obtain information or tangible property

Hacking – the obsessive use of computers, or the unauthorized access and use of networked computer systems

Common Hacking Tactics:
– Denial of service
– Scans
– Sniffer programs
– Spoofing or Phishing
– Trojan horse

Common Hacking Tactics:
– War dialing
– Logic bombs
– Buffer overflow
– Password crackers
– Dumpster diving

Cyber theft – theft of money, e.g., in 1994 Russian hacker Vladimir Levin stole US$11 million from Citibank in New York

Unauthorized use at work – unauthorized use of computer systems and networks can be called time and resource theft

Internet abuses in the workplace:
– General email abuses
– Unauthorized usage and access
– Copyright infringement/plagiarism
– Newsgroup postings on non-related topics
– Transmission of confidential data
– Pornography

Internet abuses in the workplace:
– Non-work-related download/upload
– Usage of external ISPs
– Moonlighting

Software piracy

Theft of intellectual property

Computer viruses and worms

Adware and spyware

Privacy issues:
– Privacy on the Internet
– Computer matching
– Privacy laws
– Computer libel and censorship:
  – Spamming
  – Flaming

Other challenges:
– Employment challenges
– Computer monitoring
– Challenges in working conditions
– Challenges in individuality
– Health issues:
  – Cumulative trauma disorder
  – Carpal tunnel syndrome

Security Management of Information Technology

Goal of security management – the accuracy, integrity, and safety of all information system processes and resources

Internetworked security defenses:
– Encryption
– Firewalls
– Denial of service defenses
– E-mail monitoring
– Virus defenses

Other security measures:
– Security codes
– Backup files
– Security monitors
– Biometric security
– Computer failure controls
– Fault tolerant systems
– Disaster recovery
– System controls and audits

End of Lecture Thirteen

Security and Ethical Challenges